Add general escaping to JSON tags

sirreal · sirreal · commit cad8ac9f5f33 · 2025-12-12T23:34:40.000+01:00
diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -3867,6 +3867,15 @@ static function ( $matches ) {
 							},
 							$plaintext_content
 						);
+					} elseif ( $this->is_json_script_tag() ) {
+						/*
+						 * To JSON escape JSON, the `<` character can be replaced
+						 * everywhere.
+						 */
+						$plaintext_content = strtr(
+							$plaintext_content,
+							array( '<' => '\\u003C' )
+						);
 					} else {
 						return false;
 					}
@@ -4044,6 +4053,50 @@ public function is_javascript_script_tag(): bool {
 		return false;
 	}
 
+	/**
+	 * Indicates if the currently matched tag is a JSON script tag.
+	 *
+	 * @since {WP_VERSION}
+	 *
+	 * @return bool True if the script tag should be treated as JSON.
+	 */
+	public function is_json_script_tag(): bool {
+		if ( 'SCRIPT' !== $this->get_tag() || $this->get_namespace() !== 'html' ) {
+			return false;
+		}
+
+		$type_attr = $this->get_attribute( 'type' );
+
+		if ( empty( $type_attr ) || true === $type_attr ) {
+			return false;
+		}
+
+		$type_string = strtolower( trim( $type_attr, " \t\f\r\n" ) );
+
+		/*
+		 * > …
+		 * > Otherwise, if the script block's type string is an ASCII case-insensitive match for the string "importmap", then set el's type to "importmap".
+		 * > Otherwise, if the script block's type string is an ASCII case-insensitive match for the string "speculationrules", then set el's type to "speculationrules".
+		 * @see https://html.spec.whatwg.org/#script-processing-model
+		 *
+		 * > A JSON MIME type is any MIME type whose subtype ends in "+json" or whose essence
+		 * > is "application/json" or "text/json".
+		 *
+		 * @see https://mimesniff.spec.whatwg.org/#json-mime-type
+		 */
+		if (
+			'application/json' === $type_string
+			|| 'importmap' === $type_string
+			|| 'speculationrules' === $type_string
+			|| 'text/json' === $type_string
+			|| str_ends_with( $type_string, '+json' )
+		) {
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Updates or creates a new attribute on the currently matched tag with the passed value.
 	 *
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessorModifiableText.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessorModifiableText.php
@@ -539,4 +539,38 @@ public static function data_script_tag_text_updates(): array {
 			'Non-JS script, save HTML-like content' => array( '<script type="text/html"></script>', '<h1>This & that</h1>', '<script type="text/html"><h1>This & that</h1></script>' ),
 		);
 	}
+
+
+	/**
+	 * @ticket 62797
+	 */
+	public function test_javascript_and_json_escaping() {
+		$processor = new WP_HTML_Tag_Processor( "<script></script>\n<script></script>\n<h1>OK</h1>" );
+		$processor->next_tag( 'SCRIPT' );
+		$processor->set_attribute( 'type', 'importmap' );
+		$importmap = array(
+			'imports' => array(
+				'</SCRIPT>\\<!--\\<script>' => "./script",
+			),
+		);
+		$importmap = json_encode(
+			$importmap,
+			JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS
+		);
+
+		$processor->set_modifiable_text( $importmap );
+		$processor->next_tag( 'SCRIPT' );
+		$processor->set_attribute( 'type', 'module' );
+		$javascript = <<<'JS'
+import '</SCRIPT>\\<!--\\<script>';
+JS;
+		$processor->set_modifiable_text( $javascript );
+
+		$expected = <<<'HTML'
+<script type="importmap">{"imports":{"\u003C/SCRIPT>\\\u003C!--\\\u003Cscript>":"./script"}}</script>
+<script type="module">import '</\u0053CRIPT>\\<!--\\<\u0073cript>';</script>
+<h1>OK</h1>
+HTML;
+		$this->assertEqualHTML( $expected, $processor->get_updated_html() );
+	}
 }
